Actualiser synology_dsm_upgrade_api.yml
This commit is contained in:
parent
ce2a448b23
commit
f526d7832e
|
|
@ -7,18 +7,20 @@
|
||||||
# --- Connexion DSM ---
|
# --- Connexion DSM ---
|
||||||
syno_scheme: "https"
|
syno_scheme: "https"
|
||||||
syno_port: 5001
|
syno_port: 5001
|
||||||
syno_verify_ssl: false # mets true si tu as un certificat OK
|
syno_verify_ssl: false # true si certificat OK
|
||||||
syno_user: "{{ vault_syno_user | default(omit) }}"
|
syno_user: "{{ vault_syno_user }}"
|
||||||
syno_pass: "{{ vault_syno_pass | default(omit) }}"
|
syno_pass: "{{ vault_syno_pass }}"
|
||||||
syno_session: "DSM" # session DSM (souvent OK)
|
syno_session: "DSM"
|
||||||
|
|
||||||
# --- Upgrade API ---
|
# --- Upgrade API ---
|
||||||
# Les méthodes peuvent varier: ajuste si besoin (après tests)
|
|
||||||
upgrade_check_method: "check" # parfois: "status" / "get"
|
upgrade_check_method: "check" # parfois: "status" / "get"
|
||||||
upgrade_start_method: "start"
|
upgrade_start_method: "start"
|
||||||
|
|
||||||
# --- Sécurité ---
|
# --- Sécurité ---
|
||||||
refuse_if_no_upgrade_api: true # si true: on échoue si SYNO.Core.Upgrade absent
|
refuse_if_no_upgrade_api: true
|
||||||
|
|
||||||
|
# --- Réseau ---
|
||||||
|
uri_timeout: 60
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Construire base_url
|
- name: Construire base_url
|
||||||
|
|
@ -26,7 +28,7 @@
|
||||||
base_url: "{{ syno_scheme }}://{{ inventory_hostname }}:{{ syno_port }}"
|
base_url: "{{ syno_scheme }}://{{ inventory_hostname }}:{{ syno_port }}"
|
||||||
|
|
||||||
# 1) Découverte des APIs (paths & versions) via SYNO.API.Info
|
# 1) Découverte des APIs (paths & versions) via SYNO.API.Info
|
||||||
# IMPORTANT: Semaphore utilise souvent ansible.legacy.uri => pas de url_parameters, donc URL en 1 ligne
|
# IMPORTANT: Semaphore peut utiliser ansible.legacy.uri => pas de url_parameters.
|
||||||
- name: Discover SYNO.API.Auth & SYNO.Core.Upgrade via SYNO.API.Info
|
- name: Discover SYNO.API.Auth & SYNO.Core.Upgrade via SYNO.API.Info
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ base_url }}/webapi/entry.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth,SYNO.Core.Upgrade"
|
url: "{{ base_url }}/webapi/entry.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth,SYNO.Core.Upgrade"
|
||||||
|
|
@ -34,6 +36,7 @@
|
||||||
return_content: true
|
return_content: true
|
||||||
validate_certs: "{{ syno_verify_ssl }}"
|
validate_certs: "{{ syno_verify_ssl }}"
|
||||||
status_code: 200
|
status_code: 200
|
||||||
|
timeout: "{{ uri_timeout }}"
|
||||||
register: api_info
|
register: api_info
|
||||||
failed_when: api_info.json.success is not defined or api_info.json.success != true
|
failed_when: api_info.json.success is not defined or api_info.json.success != true
|
||||||
|
|
||||||
|
|
@ -53,51 +56,53 @@
|
||||||
|
|
||||||
- name: Définir chemins et versions max
|
- name: Définir chemins et versions max
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
|
# Certains DSM exposent Auth via entry.cgi, d'autres via auth.cgi.
|
||||||
|
# On respecte la discovery, mais on garde des valeurs par défaut sûres.
|
||||||
auth_path: "{{ auth_info.path | default('auth.cgi') }}"
|
auth_path: "{{ auth_info.path | default('auth.cgi') }}"
|
||||||
auth_ver: "{{ auth_info.maxVersion | default(7) }}"
|
|
||||||
upgrade_path: "{{ upgrade_info.path | default('entry.cgi') }}"
|
upgrade_path: "{{ upgrade_info.path | default('entry.cgi') }}"
|
||||||
upgrade_ver: "{{ upgrade_info.maxVersion | default(1) }}"
|
upgrade_ver: "{{ upgrade_info.maxVersion | default(1) }}"
|
||||||
|
|
||||||
# 2) Login -> SID
|
# 2) Login -> SID
|
||||||
- name: Login DSM API (SYNO.API.Auth)
|
# Fix: le maxVersion retourné peut casser le login (erreur 101).
|
||||||
|
# On tente d'abord une version stable (6), puis fallback (2).
|
||||||
|
- name: Login DSM API (SYNO.API.Auth) - try v6 then v2
|
||||||
|
block:
|
||||||
|
- name: Login v6
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ base_url }}/webapi/{{ auth_path }}"
|
url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version=6&method=login&account={{ syno_user | urlencode }}&passwd={{ syno_pass | urlencode }}&session={{ syno_session | urlencode }}&format=sid"
|
||||||
method: GET
|
method: GET
|
||||||
validate_certs: "{{ syno_verify_ssl }}"
|
validate_certs: "{{ syno_verify_ssl }}"
|
||||||
return_content: true
|
return_content: true
|
||||||
status_code: 200
|
status_code: 200
|
||||||
# NOTE: pas de url_parameters (legacy). On passe les paramètres en query_string.
|
timeout: "{{ uri_timeout }}"
|
||||||
# Ansible uri accepte "body" pour POST, mais ici DSM Auth marche en GET.
|
register: login_v6
|
||||||
# On encode en query directement:
|
failed_when: login_v6.json.success != true
|
||||||
register: login
|
|
||||||
failed_when: login.json.success != true
|
- name: Set login result from v6
|
||||||
vars:
|
ansible.builtin.set_fact:
|
||||||
_login_url: >-
|
login: "{{ login_v6 }}"
|
||||||
{{ base_url }}/webapi/{{ auth_path }}
|
|
||||||
?api=SYNO.API.Auth
|
rescue:
|
||||||
&version={{ auth_ver }}
|
- name: Login v2 (fallback)
|
||||||
&method=login
|
|
||||||
&account={{ syno_user | urlencode }}
|
|
||||||
&passwd={{ syno_pass | urlencode }}
|
|
||||||
&session={{ syno_session | urlencode }}
|
|
||||||
&format=sid
|
|
||||||
# surcharge url avec la version 1-ligne sans espaces
|
|
||||||
# (on ne peut pas mettre des espaces: donc on met une seule ligne ci-dessous)
|
|
||||||
- name: Login DSM API (SYNO.API.Auth) - URL finale
|
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version={{ auth_ver }}&method=login&account={{ syno_user | urlencode }}&passwd={{ syno_pass | urlencode }}&session={{ syno_session | urlencode }}&format=sid"
|
url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version=2&method=login&account={{ syno_user | urlencode }}&passwd={{ syno_pass | urlencode }}&session={{ syno_session | urlencode }}&format=sid"
|
||||||
method: GET
|
method: GET
|
||||||
validate_certs: "{{ syno_verify_ssl }}"
|
validate_certs: "{{ syno_verify_ssl }}"
|
||||||
return_content: true
|
return_content: true
|
||||||
status_code: 200
|
status_code: 200
|
||||||
register: login
|
timeout: "{{ uri_timeout }}"
|
||||||
failed_when: login.json.success != true
|
register: login_v2
|
||||||
|
failed_when: login_v2.json.success != true
|
||||||
|
|
||||||
|
- name: Set login result from v2
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
login: "{{ login_v2 }}"
|
||||||
|
|
||||||
- name: Enregistrer SID
|
- name: Enregistrer SID
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
sid: "{{ login.json.data.sid }}"
|
sid: "{{ login.json.data.sid }}"
|
||||||
|
|
||||||
# 3) (Optionnel) Check update (si la méthode existe)
|
# 3) (Optionnel) Check update (best effort)
|
||||||
- name: Check DSM update readiness (best effort)
|
- name: Check DSM update readiness (best effort)
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_check_method }}&_sid={{ sid }}"
|
url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_check_method }}&_sid={{ sid }}"
|
||||||
|
|
@ -105,6 +110,7 @@
|
||||||
validate_certs: "{{ syno_verify_ssl }}"
|
validate_certs: "{{ syno_verify_ssl }}"
|
||||||
return_content: true
|
return_content: true
|
||||||
status_code: 200
|
status_code: 200
|
||||||
|
timeout: "{{ uri_timeout }}"
|
||||||
register: upgrade_check
|
register: upgrade_check
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
|
|
@ -112,7 +118,7 @@
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
var: upgrade_check.json
|
var: upgrade_check.json
|
||||||
|
|
||||||
# 4) Start upgrade (l'update est supposée déjà téléchargée / prête)
|
# 4) Start upgrade
|
||||||
- name: Start DSM upgrade (SYNO.Core.Upgrade)
|
- name: Start DSM upgrade (SYNO.Core.Upgrade)
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_start_method }}&_sid={{ sid }}"
|
url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_start_method }}&_sid={{ sid }}"
|
||||||
|
|
@ -120,6 +126,7 @@
|
||||||
validate_certs: "{{ syno_verify_ssl }}"
|
validate_certs: "{{ syno_verify_ssl }}"
|
||||||
return_content: true
|
return_content: true
|
||||||
status_code: 200
|
status_code: 200
|
||||||
|
timeout: "{{ uri_timeout }}"
|
||||||
register: upgrade_start
|
register: upgrade_start
|
||||||
|
|
||||||
- name: Fail si start a échoué
|
- name: Fail si start a échoué
|
||||||
|
|
@ -136,10 +143,11 @@
|
||||||
# 5) Logout
|
# 5) Logout
|
||||||
- name: Logout DSM API
|
- name: Logout DSM API
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version={{ auth_ver }}&method=logout&session={{ syno_session | urlencode }}&_sid={{ sid }}"
|
url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version=2&method=logout&session={{ syno_session | urlencode }}&_sid={{ sid }}"
|
||||||
method: GET
|
method: GET
|
||||||
validate_certs: "{{ syno_verify_ssl }}"
|
validate_certs: "{{ syno_verify_ssl }}"
|
||||||
return_content: true
|
return_content: true
|
||||||
status_code: 200
|
status_code: 200
|
||||||
|
timeout: "{{ uri_timeout }}"
|
||||||
register: logout
|
register: logout
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue